Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:09-12-2015 Uruchomiony przez Joe (2015-12-10 16:04:20) Run:1 Uruchomiony z C:\Users\Joe\Desktop Załadowane profile: Joe (Dostępne profile: Joe) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: R2 SSFK; C:\Program Files\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>) R2 WdMan; C:\ProgramData\9WdM9\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW <==== UWAGA StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1447697120&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cor&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW&q={searchTerms} HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW&q={searchTerms} SearchScopes: HKU\S-1-5-21-3630990288-2120868229-998028013-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW&q={searchTerms} SearchScopes: HKU\S-1-5-21-3630990288-2120868229-998028013-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW&q={searchTerms} Toolbar: HKU\S-1-5-21-3630990288-2120868229-998028013-1001 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449713158&z=efe1ae5d91b4f9d9a693bf6g6zcz8tcm5gfcdgam5o&from=ient07021&uid=ST3500418AS_5VM28QEWXXXX5VM28QEW CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-12] Task: {1FF32306-2FCD-404B-9964-299C66FB2464} - System32\Tasks\{26F5027A-8277-4A2F-B749-8013233453E2} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain Task: {B84E99A2-62EA-4EB9-B28A-F14544D8EF77} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo C:\Program Files\Lenovo C:\Program Files\Opera C:\Program Files\Picexa C:\Program Files\SFK C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\ProgramData\4WdM4 C:\ProgramData\6WMiniPro6 C:\ProgramData\9WdM9 C:\Users\Joe\AppData\Local\Lenovo C:\Users\Joe\AppData\Local\Opera Software C:\Users\Joe\AppData\Roaming\istartsurf C:\Users\Joe\AppData\Roaming\OpenCandy C:\Users\Joe\AppData\Roaming\Opera Software C:\Users\Joe\AppData\Roaming\TSv C:\Users\Joe\REACHit C:\Windows\System32\Tasks\Lenovo Reg: reg delete HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I /f Reg: reg delete HKCU\Software\dobreprogramy /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. SSFK => Nie można zatrzymać usługi. SSFK => serwis pomyślnie usunięto WdMan => serwis pomyślnie usunięto C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wartość pomyślnie usunięto HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-3630990288-2120868229-998028013-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-3630990288-2120868229-998028013-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-3630990288-2120868229-998028013-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wartość pomyślnie usunięto "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => klucz pomyślnie usunięto Chrome HomePage => pomyślnie usunięto "HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => klucz pomyślnie usunięto Nie można przenieść "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Zaplanowany do przeniesienia przy restarcie. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FF32306-2FCD-404B-9964-299C66FB2464}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF32306-2FCD-404B-9964-299C66FB2464}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{26F5027A-8277-4A2F-B749-8013233453E2} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{26F5027A-8277-4A2F-B749-8013233453E2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B84E99A2-62EA-4EB9-B28A-F14544D8EF77}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B84E99A2-62EA-4EB9-B28A-F14544D8EF77}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => klucz pomyślnie usunięto C:\Program Files\Lenovo => pomyślnie przeniesiono C:\Program Files\Opera => pomyślnie przeniesiono C:\Program Files\Picexa => pomyślnie przeniesiono C:\Program Files\SFK => pomyślnie przeniesiono C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\ProgramData\4WdM4 => pomyślnie przeniesiono C:\ProgramData\6WMiniPro6 => pomyślnie przeniesiono C:\ProgramData\9WdM9 => pomyślnie przeniesiono C:\Users\Joe\AppData\Local\Lenovo => pomyślnie przeniesiono C:\Users\Joe\AppData\Local\Opera Software => pomyślnie przeniesiono C:\Users\Joe\AppData\Roaming\istartsurf => pomyślnie przeniesiono C:\Users\Joe\AppData\Roaming\OpenCandy => pomyślnie przeniesiono C:\Users\Joe\AppData\Roaming\Opera Software => pomyślnie przeniesiono C:\Users\Joe\AppData\Roaming\TSv => pomyślnie przeniesiono C:\Users\Joe\REACHit => pomyślnie przeniesiono C:\Windows\System32\Tasks\Lenovo => pomyślnie przeniesiono ========= reg delete HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\dobreprogramy /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= EmptyTemp: => 921.6 MB danych tymczasowych Usunięto. Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2015-12-10 16:07:09) "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Nie można przenieść ==== Koniec Fixlog 16:07:09 ====